UK National Cyber Security Centre says drug firms and research groups being targeted by group known as APT29
Russian state-sponsored hackers are targeting UK, US and Canadian organisations involved in developing a coronavirus vaccine, according to British security officials.
The UK’s National Cyber Security Centre (NCSC) said drug companies and research groups were being targeted by a group known as APT29, which was “almost certainly” part of the Kremlin’s intelligence services.
British officials would not say if any of the attacks had been successful in their goal of stealing medical secrets. They stressed, however, that none of the vaccine research had been compromised as a result.
Britain is at the forefront of research efforts to produce a vaccine, with scientists at Oxford University and Imperial College London among those leading global efforts.
It is rare for the UK to explicitly state that it believes another country is behind a coordinated and ongoing campaign of cyber-attacks, but British officials said it shared its assessment with the US and Canada.
The UK’s foreign secretary, Dominic Raab, said it was “completely unacceptable” for Russian intelligence services to target research on the Covid-19 pandemic.
He said: “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health. The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”
Officials added that they could not be certain that the Russian president, Vladimir Putin, would have known about the operation to target vaccine research efforts but that it would not be contemplated unless it was something he was thought to approve of.
The British attribution was rejected by the Kremlin. Putin’s spokesperson Dmitri Peskov told the Guardian on Thursday that Russia was not involved in either hacking attempt.
“We have no information about who may have hacked pharmacological companies and research centres in the United Kingdom,” he said. “We can say only that Russia has nothing to do with these attempts.”
The Russian foreign ministry also called for the UK government to provide proof of the accusations. Spokeswoman Maria Zakharova said: “This statement is so vague and contradictory that it’s actually impossible to comprehend.”
Russian state-backed hackers have previously been accused of attempting to break into computers used by sports anti-doping agencies and into a Swiss chemicals laboratory where novichok nerve agent samples from the Salisbury attack were analysed.
The APT29 group has been active for several years, and is known in the hacker community as the Dukes or Cozy Bear. The same group has been linked to attacks on the US Democratic party in the run-up to 2016 elections.
Cozy Bear came to prominence in 2015, when researchers at Kaspersky Lab pinned devastating hacks of the unclassified state department and White House networks to the group. It has also been accused of orchestrating attacks on Norwegian foreign and defence ministries and their security service in 2017.
It has previously been alleged that the group is controlled by the Russian FSB spy agency or its SVR foreign intelligence agency.
APT29 uses a variety of tools and techniques to try to steal secrets, including using phishing emails and custom malware known as “WellMess” and “WellMail”. Governments, thinktanks and the energy sector are also being targeted.
The UK has opted to take a more high-profile stance against Russia ahead of the long-awaited publication of the Russia report from the intelligence and security committee, which looks at alleged Kremlin interference in British life.
Last week, Raab unveiled economic sanctions against 25 Russian nationals involved in the death of the Russian lawyer Sergei Magnitsky, as the UK introduced its post-Brexit sanctions regime.
Paul Chichester, director of operations for the NCSC, said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.”
The organisation released a security advisory to help potentially affected groups tackle the threat, which has been endorsed by the US National Security Agency and the Department of Homeland Security as well as the Canadian Communications Security Establishment (CSE).
Andrei Soldatov, a Russian investigative journalist and expert on the security services, said that coronavirus vaccine development provided an obvious target for intelligence services, including those in Russia and China, who could see the research on the disease’s origins and potential cures as a field for geopolitical competition.
Coronavirus “suddenly became such a big political factor, it affects everybody in every possible way, so there’s a big temptation to use this as an opportunity,” he said. “You can quite easily find some political justification for why to do this now. It’s a very politicised issue right now. It’s about what kind of country to blame and which country to blame.”